← Back to CVEs
CVE-2025-36752
CRITICAL9.8
Description
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growatt ShineLan-X communication dongle.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published12/13/2025
Last Modified1/14/2026
Sourcenvd
Honeypot Sightings0
Affected Products
growatt:shine_lan-xgrowatt:shine_lan-x_firmware
Weaknesses (CWE)
CWE-798
References
https://csirt.divd.nl/CVE-2025-36752/(csirt@divd.nl)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.